Wireshark-dev: Re: [Wireshark-dev] Function explanation of WireShark
From: "Martin Corraine (mcorrain)" <[email protected]>
Date: Thu, 19 Jun 2008 11:37:34 -0400

I would first get the code built and try running Wireshark. Then, figure out if your protocol runs atop another protocol. For instance, HTTP runs atop TCP. Then, use the skeleton code provided. I would first get the minimum code written and see if that builds. Check to see if your proto is registered with Wireshark and whatnot. Then this is where you experiment with all those functions. The best way to know how to use them is to try 'em and read the README. I recommend this web page, http://www.codeproject.com/KB/IP/custom_dissector.aspx?fid=433815&df=90&mpp=25&noise=3&sort=Position&view=Quick&select=2259002. Use his code and play with it.


-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Luis EG Ontanon
Sent: Thursday, June 19, 2008 10:59 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Function explanation of WireShark

Use the SOUrce young padawan...

what about tvbuff.h

2008/6/19 Jiabin Liao <[email protected]>:
> Hi,
> Recently, I want to write a plug-in for WireShark. But I can do it 
> smoothly, for I always could not understand the examples in the source 
> package, such as packet-udp.c. The problem is I can find the
> explanation of many functions, such as 
> tvb_reported_length_remaining(), dissector_try_heuristic(), and so on. README files do not explain how to use them.
> Where can I find the explanation?
> Jiabin.
> _______________________________________________
> Wireshark-dev mailing list
> [email protected]
> https://wireshark.org/mailman/listinfo/wireshark-dev

This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan